Many organizations rely on server computer systems that provide important functions to the organization. For example, even a small business may have an email server, one or more database servers, a company intranet portal hosted by a web server, a file server, and so forth. These functions may reside on a single computer system or be spread across several, for example to increase scalability and to give each function adequate resources based on anticipated or measured load. Products such as MICROSOFT™ WINDOWS™ Small Business Server provide multiple server functions in a single product.
When an organization has multiple servers, the servers may use various authentication mechanisms and security protocols to trust one another and to allow users to sign on once and access the functions provided by each server. One security system that allows servers to communicate using a single sign-on is MICROSOFT™ ACTIVE DIRECTORY™ Federation Services (ADFS). ADFS was introduced with MICROSOFT™ WINDOWS SERVER™ 2003 R2 so that organizations could participate in standards-based identity federation. ADFS provides claims-based authentication across servers and even across organizations. In claims-based authentication, an issuer places a set of claims about a user or server in a security token and signs the token with its certificate; the receiving server verifies the signature against that certificate and then trusts the claims the token contains.
Unfortunately, introducing certificates also introduces the problem of certificate management, because certificates expire. Products that rely on a Public Key Infrastructure (PKI) or similar policies for some of their functions very commonly assume that an administrator will manage the certificate lifecycle manually: tracking expiration dates, obtaining replacement certificates, and installing them. Such products also leave to the administrator the heavy lifting of distributing those certificates to every server in a server farm. For many organizations, particularly small businesses that do not employ sophisticated administrators, this assumption often leads to loss of functionality: a certificate expires unnoticed, and servers can no longer communicate correctly to provide the functions the organization expects. Even when an administrator does replace an old certificate with a new one on schedule, the change is abrupt, and systems that depend on the old certificate (for example, partners that validate tokens against it) receive no warning ahead of time, so something may break. In addition, certificate updates require significant planning, because certificates are typically replaced manually on each server on the same day as part of scheduled downtime.
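The following Go program is an added example, not part of this description or of any product, that models the two failure modes just described: a token-signing certificate approaching expiry with no warning window, and a farm in which one server missed the manual replacement and therefore holds a different certificate than its peers. It generates its own self-signed certificates as constructed test data; the host names `adfs1` to `adfs4`, the 90-day warning window, and the `AuditFarm` and `CertStatus` helpers are illustrative assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"sort"
	"time"
)

// Status classifies a certificate relative to a point in time.
type Status string

const (
	StatusOK       Status = "ok"
	StatusExpiring Status = "expiring" // still valid, but inside the warning window
	StatusExpired  Status = "expired"
)

// FarmNode pairs a server name with the token-signing certificate it holds.
type FarmNode struct {
	Host string
	Cert *x509.Certificate
}

// newTestCert builds a self-signed certificate as constructed test data (illustrative
// only). The private key is discarded: only the Validity period matters here.
func newTestCert(cn string, notBefore time.Time, lifetime time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Thumbprint is the SHA-1 of the DER encoding, the identifier the Windows certificate
// store displays, so report lines can be matched against the MMC snap-in.
func Thumbprint(c *x509.Certificate) string {
	sum := sha1.Sum(c.Raw)
	return hex.EncodeToString(sum[:])
}

// DaysRemaining is the whole number of days until NotAfter (negative once expired).
func DaysRemaining(c *x509.Certificate, now time.Time) int {
	return int(c.NotAfter.Sub(now).Hours() / 24)
}

// CertStatus applies the warning window: a certificate expiring within warn is flagged
// early enough that dependents can be told about the coming change ahead of time.
func CertStatus(c *x509.Certificate, now time.Time, warn time.Duration) Status {
	switch {
	case !now.Before(c.NotAfter):
		return StatusExpired
	case now.Add(warn).After(c.NotAfter):
		return StatusExpiring
	default:
		return StatusOK
	}
}

// AuditFarm returns each node's status and the nodes whose certificate differs from the
// most common one in the farm, which is how a server that missed a manual update shows up.
func AuditFarm(nodes []FarmNode, now time.Time, warn time.Duration) (map[string]Status, []string) {
	status := make(map[string]Status, len(nodes))
	count := map[string]int{}
	for _, n := range nodes {
		status[n.Host] = CertStatus(n.Cert, now, warn)
		count[Thumbprint(n.Cert)]++
	}
	var tps []string
	for tp := range count {
		tps = append(tps, tp)
	}
	sort.Strings(tps) // deterministic tie-break: lowest thumbprint wins
	majority := ""
	for _, tp := range tps {
		if count[tp] > count[majority] { // count[""] is 0
			majority = tp
		}
	}
	var stragglers []string
	for _, n := range nodes {
		if Thumbprint(n.Cert) != majority {
			stragglers = append(stragglers, n.Host)
		}
	}
	sort.Strings(stragglers)
	return status, stragglers
}

func main() {
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC) // fixed clock for a reproducible report
	day := 24 * time.Hour
	fresh, err := newTestCert("adfs-token-signing", now.Add(-10*day), 365*day)
	if err != nil {
		panic(err)
	}
	aging, err := newTestCert("adfs-token-signing", now.Add(-300*day), 365*day)
	if err != nil {
		panic(err)
	}
	// Constructed farm: three servers received the new certificate, adfs4 did not.
	farm := []FarmNode{{"adfs1", fresh}, {"adfs2", fresh}, {"adfs3", fresh}, {"adfs4", aging}}
	status, stragglers := AuditFarm(farm, now, 90*day)
	for _, n := range farm {
		fmt.Printf("%-6s %s %-8s %4d days left\n", n.Host, Thumbprint(n.Cert)[:8], status[n.Host], DaysRemaining(n.Cert, now))
	}
	fmt.Println("out of sync with the farm:", stragglers)
}
```

Run daily against the certificates each farm member actually serves, the two outputs give an administrator exactly what the manual process lacks: advance notice of expiry, and proof that every server picked up the same replacement.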